New cyber threats to both data privacy and information security have become all too common and these two troubling trends are creating a new urgency that many organizations haven’t experienced before.
The first trend involves data use – or the ways organizations collect and use data about people. Personal data is a huge business that is increasingly important to organizations in their efforts to uncover new opportunities. Collecting information which can be used to identify individuals and their buying habits, income, preferences, behavioral traits and other characteristics has become a key competitive advantage for those organizations who have it — and a “must have” for those who don’t.
For the public, big data is a big concern. In fact, in a recent survey, nearly 8 in 10 people reported they were very or somewhat concerned about how organizations collect, use and sell their personal data. And customers and consumers are turning their concerns about protecting their personal data into actions. Another survey reports that nearly one third of respondents had changed companies or service providers over how their data had been handled. That can be a big hit to revenue and market share.
And now that most employees have access to their organization’s data and systems to do their jobs, data privacy issues can crop up in virtually any setting and in any part of an organization’s operations. As a result, one of the biggest compliance challenges for organizations is helping employees develop an awareness and understanding of personal data issues and the different types of personally identifiable information (PII) they may encounter in their work.
The second trend involves information security. While keeping internal data and systems safe has always been a priority, organizations are now more reliant on software and web applications to do business, which has emboldened cybercriminals. They are becoming more sophisticated and brazen in their tactics — consider recent phishing and ransomware attacks — which can put entire organizations and even sectors in peril.
Cybersecurity is everyone’s job
Conducting ongoing cyber security training is one of the proactive steps that organizations can take to ensure employees know how to handle data and keep it safe — and, importantly, know how to respond appropriately to potential issues.
Effective training should raise awareness of how everyday situations in the workplace can be vulnerable to data breaches and attacks and prepare employees to recognize and avoid phishing attacks, protect passwords and understand the principles of data privacy laws. These include the new California Consumer Privacy Act (CCPA) and the General Data Protection Regulation or GDPR — a legal framework that sets guidelines for collecting and processing personal information of people living in the European Economic Area (EEA).
As public concerns about data privacy and a growing number of laws keep cybersecurity in the spotlight, organizations should take a fresh look at efforts to increase awareness among all employees about their responsibility to use personal data properly, keep confidential and sensitive information safe and promptly raise concerns about potential threats.
Sign up for a free trial of our Data Privacy and Information Security training: